No Credentials Necessary

Imperva's Application Defense Center reported on June 12 that it had discovered the vulnerability in DB2 Version 8. The flaw allows attackers with network access to the database server to bring the server down or to run arbitrary code.

In addition, due to the fact that this is a network-level flaw, attacks slip by DB2's built-in auditing mechanism.